<?php
/**
 * Project: Recipe
 * File: PublicAction.class.php
 * Author: Xnfy520@gmail.com
 * Date: 12-5-14
 * Time: 下午1:53
 */

class PublicAction extends Action{


//	function verify(){
//		import('ORG.Util.Image');
//		Image::buildImageVerify(4, 1, 'png', 60);
//	}

	function login(){
		$this->display();
	}

	public function checkLogin(){

		C('TMPL_ACTION_ERROR', THEME_PATH.'/Public/dispatch_jump.html');

		if(empty($_POST['username'])) {
			$this->error("User Name Can't For Empty");
		}elseif (empty($_POST['password'])){
			$this->error("The Password Can't For Empty");
		}elseif (empty($_POST['verify'])){
			$this->error("Verification code can't for empty");
		}

		$map            =   array();

		$map['username']	= $_POST['username'];

		if($_SESSION['verify'] != md5($_POST['verify'])) {
			$this->error('Authcode Error!');
		}

		$user = D('User');
		$userinfo = $user->relation(true)->getByUsername($_POST['username']);

		if(empty($userinfo)){
			$this->error('The username or password mistake');
		}

		if($userinfo['status']==0){
			$this->error('用户不存在或未被激活');
		}elseif($userinfo['roleuser']['roleid']!=1){
			$this->error('非管理员不能登录后台');
		}

		import ( 'ORG.Util.RBAC' );
		$authInfo = RBAC::authenticate($map);

		if(false === $authInfo) {
		//	$this->assign('waitSecond',3);
			$this->error('The account does not exist or has banned!');
		}else {
		//	$this->assign('waitSecond',3);
			if($authInfo['password'] != md5($_POST['password'])) {
				$this->error('Password mistake!');
			}
			$_SESSION[C('USER_AUTH_KEY')]	=	$authInfo['id'];
			unset($_SESSION['uesrname']);
			unset($_SESSION['userid']);
			unset($_SESSION['userrole']);
			$_SESSION['username'] = $authInfo['username'];
			$_SESSION['userid'] = $userinfo['id'];
			$_SESSION['userrole'] = $userinfo['roleuser']['roleid'];
			if($authInfo['username']=='admin') {
				$_SESSION['administrator']		=	true;
			}

			RBAC::saveAccessList();
			$this->success('Login Success!','__APP__/Index/index');
		}
	}

	public function loginout(){
		if(isset($_SESSION[C('USER_AUTH_KEY')])) {
			unset($_SESSION[C('USER_AUTH_KEY')]);
			unset($_SESSION);
			session_destroy();
			$this->success('Exit success', __ROOT__);
		}else {
			$this->error('Has Been Out');
		}

	}

}